NIST SP 800-171 Support Overview

WorkFlo will help you manage and comply with all of the requirements of your metal finishing business.

We have to be in compliance too!

What is CUI?

CUI stands for Controlled Un-Classified Information. CUI is government created or owned information that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and government wide policies. CUI is not classified information. It is not corporate intellectual property unless created for or included in requirements related to a government contract.

Members of MFASC have expressed concern and confusion related to handling of CUI. to be eligible for work on Federal contracts.  These requirements will have a significant impact on the way business is done, but there is time to implement these changes.

The major points are:

  •   Self-Assessment – Due or Overdue
  •   System Security Plan – (POAM)
  •   System Changes
  •   Documentation
  •   Policies and Procedures
  •   Training

MFASC is in conversations with suppliers and others to prepare detailed guidance for our membership which will be provided within the next few weeks. 

We recommend that you do not spend any money, nor hire any consulting until we provide this information. The only urgency related to these requirements is a self-assessment followed by a Plan of Action with Milestones (POAM).  Neither of these require any expenditures.  If you do not know how to prepare these, we will provide instructions and help.

There’s no need to go it alone.

WARNING:  Be very careful about sharing any information about the state of you cyber security with anyone.  You should treat this information like a Social Security Number or Credit Card information.

Stay tuned, a lot more information to come in the next few weeks.

WorkFlo includes all of the NIST requirements in our project management module.  This includes mapping to the CMMC level 1, 2, and 3 controls, along with the FAR 52.204-21 controls.  Detailed information from the NIST Handbook 162 are included in the database for easy reference, including Additional Information, Where to Look, Who to Talk to, and what to Perform Test On.

CMMC Controls and DFAR 52.204-21 controls mapping the NIST SP 800-171 Requirements are also included for cross reference and tracking.

You can generate your self-assessment directly from WorkFlo and manage your progress and milestones within WorkFlo with a report you can generate on-demand.

Under development are tools to integrate your policies and procedures with training.